[c-nsp] firewalling authenticated wireless traffic
Phil Mayers
p.mayers at imperial.ac.uk
Wed Feb 10 08:10:54 EST 2010
On 10/02/10 12:52, scott owens wrote:
> Hello,
>
> We offer wireless connectivity to about 500 to 1000 user/devices that
> authenticate with machine& domain credentials via WPA2.
> Currently we send this through a HA pair of ASA5520s where the rule for this
> traffic essentially is any->any := ok.
> Does anyone let this type of traffic directly into their core networks -
> perhaps still restricting other type of wlans with controllers or firewalls
We do exactly the same thing.
The main rationale is that we could drop in rules in a hurry during a
mass outbreak such as Blaster or Slammer.
> My thought is that our wireless traffic is likely more secure that our plain
> wired networks - at this point without 802.1x on lan.
Indeed.
More information about the cisco-nsp
mailing list